CVE-2011-1146

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-1146 at MITRE

Description

libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 678406

SUSE Security Advisories:

SUSE-SR:2011:007, published Tue, 19 Apr 2011 12:00:00 +0000
openSUSE-SU-2011:0311-1, published Thu, 7 Apr 2011 15:08:16 +0200 (CEST)
openSUSE-SU-2011:0578-1, published Wed, 1 Jun 2011 00:08:32 +0200 (CEST)
openSUSE-SU-2011:0580-1, published Wed, 1 Jun 2011 01:08:12 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SLE 11 SP1 DEBUGINFO	`libvirt-debuginfo >= 0.7.6-1.21.1` `libvirt-debugsource >= 0.7.6-1.21.1` `xen-debuginfo >= 4.0.1_21326_08-0.5.1` `xen-debugsource >= 4.0.1_21326_08-0.5.1`	sle11-sp1-sdk.x86-64 sles11-sp1.x86-64 sles11-sp1.x86 sled11-sp1.x86-64 sle11-sp1-sdk.x86 sled11-sp1.x86 SAT Patch Nr: 4491
SUSE Linux Enterprise Software Development Kit 11 SP1	`libvirt-devel >= 0.7.6-1.21.1` `xen-devel >= 4.0.1_21326_08-0.5.1`	sle11-sp1-sdk.x86-64 sles11-sp1.x86-64 sles11-sp1.x86 sled11-sp1.x86-64 sle11-sp1-sdk.x86 sled11-sp1.x86 SAT Patch Nr: 4491
SUSE Linux Enterprise Desktop 11 SP1	`libvirt >= 0.7.6-1.21.1` `libvirt-doc >= 0.7.6-1.21.1` `libvirt-python >= 0.7.6-1.21.1` `vm-install >= 0.4.30-0.3.2` `xen >= 4.0.1_21326_08-0.5.1` `xen-kmp-default >= 4.0.1_21326_08_2.6.32.36_0.5-0.5.1` `xen-kmp-pae >= 4.0.1_21326_08_2.6.32.36_0.5-0.5.1` `xen-libs >= 4.0.1_21326_08-0.5.1` `xen-tools >= 4.0.1_21326_08-0.5.1` `xen-tools-domU >= 4.0.1_21326_08-0.5.1`	sle11-sp1-sdk.x86-64 sles11-sp1.x86-64 sles11-sp1.x86 sled11-sp1.x86-64 sle11-sp1-sdk.x86 sled11-sp1.x86 SAT Patch Nr: 4491
SUSE Linux Enterprise Desktop 11 SP1	`libvirt >= 0.7.6-1.21.1` `libvirt-doc >= 0.7.6-1.21.1` `libvirt-python >= 0.7.6-1.21.1` `vm-install >= 0.4.30-0.3.2` `xen >= 4.0.1_21326_08-0.5.1` `xen-kmp-default >= 4.0.1_21326_08_2.6.32.36_0.5-0.5.1` `xen-libs >= 4.0.1_21326_08-0.5.1` `xen-tools >= 4.0.1_21326_08-0.5.1` `xen-tools-domU >= 4.0.1_21326_08-0.5.1`	sle11-sp1-sdk.x86-64 sles11-sp1.x86-64 sles11-sp1.x86 sled11-sp1.x86-64 sle11-sp1-sdk.x86 sled11-sp1.x86 SAT Patch Nr: 4491
SUSE Linux Enterprise Server 11 SP1	`libvirt >= 0.7.6-1.21.1` `libvirt-doc >= 0.7.6-1.21.1` `libvirt-python >= 0.7.6-1.21.1` `vm-install >= 0.4.30-0.3.2` `xen >= 4.0.1_21326_08-0.5.1` `xen-doc-html >= 4.0.1_21326_08-0.5.1` `xen-doc-pdf >= 4.0.1_21326_08-0.5.1` `xen-kmp-default >= 4.0.1_21326_08_2.6.32.36_0.5-0.5.1` `xen-kmp-pae >= 4.0.1_21326_08_2.6.32.36_0.5-0.5.1` `xen-libs >= 4.0.1_21326_08-0.5.1` `xen-tools >= 4.0.1_21326_08-0.5.1` `xen-tools-domU >= 4.0.1_21326_08-0.5.1`	sle11-sp1-sdk.x86-64 sles11-sp1.x86-64 sles11-sp1.x86 sled11-sp1.x86-64 sle11-sp1-sdk.x86 sled11-sp1.x86 SAT Patch Nr: 4491
SUSE Linux Enterprise Server 11 SP1	`libvirt >= 0.7.6-1.21.1` `libvirt-doc >= 0.7.6-1.21.1` `libvirt-python >= 0.7.6-1.21.1` `vm-install >= 0.4.30-0.3.2` `xen >= 4.0.1_21326_08-0.5.1` `xen-doc-html >= 4.0.1_21326_08-0.5.1` `xen-doc-pdf >= 4.0.1_21326_08-0.5.1` `xen-kmp-default >= 4.0.1_21326_08_2.6.32.36_0.5-0.5.1` `xen-libs >= 4.0.1_21326_08-0.5.1` `xen-tools >= 4.0.1_21326_08-0.5.1` `xen-tools-domU >= 4.0.1_21326_08-0.5.1`	sle11-sp1-sdk.x86-64 sles11-sp1.x86-64 sles11-sp1.x86 sled11-sp1.x86-64 sle11-sp1-sdk.x86 sled11-sp1.x86 SAT Patch Nr: 4491
openSUSE 11.3	`xen-debugsource >= 4.0.1_21326_08-0.7.1` `xen-kmp-default-debuginfo >= 4.0.1_21326_08_k2.6.34.8_0.2-0.7.1` `xen-kmp-desktop-debuginfo >= 4.0.1_21326_08_k2.6.34.8_0.2-0.7.1` `xen-kmp-pae-debuginfo >= 4.0.1_21326_08_k2.6.34.8_0.2-0.7.1` `xen-libs-debuginfo >= 4.0.1_21326_08-0.7.1` `xen-tools-debuginfo >= 4.0.1_21326_08-0.7.1` `xen-tools-domU-debuginfo >= 4.0.1_21326_08-0.7.1`
openSUSE 11.3	`vm-install >= 0.4.30-0.4.1` `xen >= 4.0.1_21326_08-0.7.1` `xen-devel >= 4.0.1_21326_08-0.7.1` `xen-doc-html >= 4.0.1_21326_08-0.7.1` `xen-doc-pdf >= 4.0.1_21326_08-0.7.1` `xen-kmp-default >= 4.0.1_21326_08_k2.6.34.8_0.2-0.7.1` `xen-kmp-desktop >= 4.0.1_21326_08_k2.6.34.8_0.2-0.7.1` `xen-kmp-pae >= 4.0.1_21326_08_k2.6.34.8_0.2-0.7.1` `xen-libs >= 4.0.1_21326_08-0.7.1` `xen-tools >= 4.0.1_21326_08-0.7.1` `xen-tools-domU >= 4.0.1_21326_08-0.7.1`
openSUSE 11.2	`libvirt-debuginfo >= 0.7.2-1.1.5.1` `libvirt-debugsource >= 0.7.2-1.1.5.1` `libvirt-python-debuginfo >= 0.7.2-1.1.5.1`
openSUSE 11.2	`libvirt >= 0.7.2-1.1.5.1` `libvirt-devel >= 0.7.2-1.1.5.1` `libvirt-doc >= 0.7.2-1.1.5.1` `libvirt-python >= 0.7.2-1.1.5.1`
openSUSE 11.3	`libvirt-client-debuginfo >= 0.8.1-4.6.2` `libvirt-debuginfo >= 0.8.1-4.6.2` `libvirt-debugsource >= 0.8.1-4.6.2` `libvirt-python-debuginfo >= 0.8.1-4.6.2`
openSUSE 11.3	`libvirt >= 0.8.1-4.6.2` `libvirt-client >= 0.8.1-4.6.2` `libvirt-devel >= 0.8.1-4.6.2` `libvirt-doc >= 0.8.1-4.6.2` `libvirt-python >= 0.8.1-4.6.2`
openSUSE 11.4 DEBUGINFO	`libvirt-client-debuginfo >= 0.8.8-0.6.1` `libvirt-debuginfo >= 0.8.8-0.6.1` `libvirt-debugsource >= 0.8.8-0.6.1` `libvirt-python-debuginfo >= 0.8.8-0.6.1`
openSUSE 11.4	`libvirt >= 0.8.8-0.6.1` `libvirt-client >= 0.8.8-0.6.1` `libvirt-devel >= 0.8.8-0.6.1` `libvirt-doc >= 0.8.8-0.6.1` `libvirt-python >= 0.8.8-0.6.1`
openSUSE 11.4 DEBUGINFO	`xen-debugsource >= 4.0.2_02-4.9.2` `xen-kmp-default-debuginfo >= 4.0.2_02_k2.6.37.6_0.5-4.9.2` `xen-kmp-desktop-debuginfo >= 4.0.2_02_k2.6.37.6_0.5-4.9.2` `xen-kmp-pae-debuginfo >= 4.0.2_02_k2.6.37.6_0.5-4.9.2` `xen-libs-debuginfo >= 4.0.2_02-4.9.2` `xen-tools-debuginfo >= 4.0.2_02-4.9.2` `xen-tools-domU-debuginfo >= 4.0.2_02-4.9.2`
openSUSE 11.4	`vm-install >= 0.4.30-0.3.1` `xen >= 4.0.2_02-4.9.2` `xen-devel >= 4.0.2_02-4.9.2` `xen-doc-html >= 4.0.2_02-4.9.2` `xen-doc-pdf >= 4.0.2_02-4.9.2` `xen-kmp-default >= 4.0.2_02_k2.6.37.6_0.5-4.9.2` `xen-kmp-desktop >= 4.0.2_02_k2.6.37.6_0.5-4.9.2` `xen-kmp-pae >= 4.0.2_02_k2.6.37.6_0.5-4.9.2` `xen-libs >= 4.0.2_02-4.9.2` `xen-tools >= 4.0.2_02-4.9.2` `xen-tools-domU >= 4.0.2_02-4.9.2`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy